Analyze scan results

A scan observes the data flow in an application and reports vulnerabilities that it discovers.

After you analyze the results, update your code and run the scan again to verify that the vulnerabilities are fixed.

Steps

To find information on vulnerabilities after a scan completes:

  1. Select Scans in the header.

    The Scans page shows a list of scan projects.

  2. To view a list of discovered vulnerabilities and their severity:

    1. Select a scan project.

    2. In the Overview tab, click a vulnerability number or select the Vulnerabilities tab.

      [Image: selecting vulnerabilities from the Overview tab]

      Alternatively, to see vulnerabilities with a specific status, under Status, select a section in the Vulnerability bar.

      [Image: selecting vulnerabilities with a specific status]

  3. On the Vulnerabilities tab, to filter the vulnerabilities by severity or status, select the Filter icon next to the Severity or Status column and select one or more severities or statuses.

    Severity filters: [image of the severity filter list]

    Status filters: [image of the status filter list]

    To clear a filter, select Clear next to the Severity or Status column.

  4. To view more information about a specific vulnerability, in the Vulnerabilities tab, select the vulnerability.

    • The Overview tab for the selected vulnerability shows a description of the vulnerability, including what happened in your code and the risk associated with the vulnerability.

  5. To view the details about the vulnerability and its location in your code, select the Details tab:

    • The method where a vulnerability exists.

    • The file where the scan discovered the vulnerability.

    • The first line in the code where the scan discovered the vulnerability.

  6. To view suggestions for fixing the code, select the How to fix tab.

  7. To view additional details about the vulnerability, select the Notes tab for these details:

    • When the vulnerability is detected

    • The code module where Contrast found the vulnerability

    • The type of vulnerability (for example, injection)

    • Severity

    • Risk confidence

    • Security standards that apply to the vulnerability

  8. To view vulnerability activity, select the Activity tab for these details:

    • The user who made changes

    • Vulnerability status changes

    • Comments